Mistake on this page?
Report an issue in GitHub or email us
Data Structures | Public Types | Public Member Functions | Static Public Attributes
SecurityManager Class Reference

Overview. More...

#include <SecurityManager.h>

Data Structures

class  EventHandler
 The stack will use these functions to signal events to the application, subclass to override handlers. More...
 

Public Types

typedef uint8_t Passkey_t[PASSKEY_LEN]
 6-digit passkey in ASCII ('0'-'9' digits only). More...
 

Public Member Functions

virtual ble_error_t init (bool enableBonding=true, bool requireMITM=true, SecurityIOCapabilities_t iocaps=IO_CAPS_NONE, const Passkey_t passkey=NULL, bool signing=true, const char *dbFilepath=NULL)
 Enable the BLE stack's Security Manager. More...
 
virtual ble_error_t setDatabaseFilepath (const char *dbFilepath=NULL)
 Change the file used for the security database. More...
 
virtual ble_error_t reset (void)
 Notify all registered onShutdown callbacks that the SecurityManager is about to be shutdown and clear all SecurityManager state of the associated object. More...
 
virtual ble_error_t preserveBondingStateOnReset (bool enable)
 Normally all bonding information is lost when device is reset, this requests that the stack attempts to save the information and reload it during initialisation. More...
 
virtual ble_error_t purgeAllBondingState (void)
 Delete all peer device context and all related bonding information from the database within the security manager. More...
 
virtual ble_error_t generateWhitelistFromBondTable (Gap::Whitelist_t *whitelist) const
 Create a list of addresses from all peers in the bond table and generate an event which returns it as a whitelist. More...
 
virtual ble_error_t requestPairing (ble::connection_handle_t connectionHandle)
 Request pairing with the peer. More...
 
virtual ble_error_t acceptPairingRequest (ble::connection_handle_t connectionHandle)
 Accept the pairing request. More...
 
virtual ble_error_t cancelPairingRequest (ble::connection_handle_t connectionHandle)
 Reject pairing request if the local device is the slave or cancel an outstanding pairing request if master. More...
 
virtual ble_error_t setPairingRequestAuthorisation (bool required=true)
 Tell the stack whether the application needs to authorise pairing requests or should they be automatically accepted. More...
 
virtual ble_error_t allowLegacyPairing (bool allow=true)
 Allow of disallow the use of legacy pairing in case the application only wants to force the use of Secure Connections. More...
 
virtual ble_error_t getSecureConnectionsSupport (bool *enabled)
 Check if the Secure Connections feature is supported by the stack and controller. More...
 
virtual ble_error_t setIoCapability (SecurityIOCapabilities_t iocaps)
 Set the IO capability of the local device. More...
 
virtual ble_error_t setDisplayPasskey (const Passkey_t passkey)
 Set the passkey that is displayed on the local device instead of using a randomly generated one. More...
 
virtual ble_error_t setLinkSecurity (ble::connection_handle_t connectionHandle, SecurityMode_t securityMode)
 Set the security mode on a connection. More...
 
virtual ble_error_t setKeypressNotification (bool enabled=true)
 Set whether or not we want to send and receive keypress notifications during passkey entry. More...
 
virtual ble_error_t enableSigning (ble::connection_handle_t connectionHandle, bool enabled=true)
 Request generation and exchange of signing keys so that packet signing can be utilised on this connection. More...
 
virtual ble_error_t setHintFutureRoleReversal (bool enable=true)
 Give a hint to the stack that the master/slave role might change in the future. More...
 
virtual ble_error_t getLinkEncryption (ble::connection_handle_t connectionHandle, ble::link_encryption_t *encryption)
 Current state of encryption on the link. More...
 
virtual ble_error_t setLinkEncryption (ble::connection_handle_t connectionHandle, ble::link_encryption_t encryption)
 Enabled or disable encryption on the link. More...
 
virtual ble_error_t setEncryptionKeyRequirements (uint8_t minimumByteSize, uint8_t maximumByteSize)
 Set the requirements for encryption key size. More...
 
virtual ble_error_t requestAuthentication (ble::connection_handle_t connectionHandle)
 Request that the link be authenticated (keys with MITM protection). More...
 
virtual ble_error_t generateOOB (const ble::address_t *address)
 Generate OOB data with the given address. More...
 
virtual ble_error_t setOOBDataUsage (ble::connection_handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM=true)
 Enable OOB data usage during paring. More...
 
virtual ble_error_t confirmationEntered (ble::connection_handle_t connectionHandle, bool confirmation)
 Report to the stack if the passkey matches or not. More...
 
virtual ble_error_t passkeyEntered (ble::connection_handle_t connectionHandle, Passkey_t passkey)
 Supply the stack with the user entered passkey. More...
 
virtual ble_error_t sendKeypressNotification (ble::connection_handle_t connectionHandle, Keypress_t keypress)
 Send a notification to the peer that the user pressed a key on the local device. More...
 
virtual ble_error_t legacyPairingOobReceived (const ble::address_t *address, const ble::oob_tk_t *tk)
 Supply the stack with the OOB data for legacy connections. More...
 
virtual ble_error_t oobReceived (const ble::address_t *address, const ble::oob_lesc_value_t *random, const ble::oob_confirm_t *confirm)
 Supply the stack with the OOB data for secure connections. More...
 
virtual ble_error_t getSigningKey (ble::connection_handle_t connectionHandle, bool authenticated)
 Retrieves a signing key through a signingKey event. More...
 
void onShutdown (const SecurityManagerShutdownCallback_t &callback)
 Setup a callback to be invoked to notify the user application that the SecurityManager instance is about to shutdown (possibly as a result of a call to BLE::shutdown()). More...
 
SecurityManagerShutdownCallbackChain_tonShutdown ()
 Provide access to the callchain of shutdown event callbacks. More...
 
virtual void setSecurityManagerEventHandler (EventHandler *handler)
 Assign the event handler implementation that will be used by the stack to signal events back to the application. More...
 
virtual ble_error_t getAddressesFromBondTable (Gap::Whitelist_t &addresses) const
 
ble_error_t getLinkSecurity (ble::connection_handle_t connectionHandle, LinkSecurityStatus_t *securityStatus)
 
virtual void onSecuritySetupInitiated (SecuritySetupInitiatedCallback_t callback)
 
virtual void onSecuritySetupCompleted (SecuritySetupCompletedCallback_t callback)
 
virtual void onLinkSecured (LinkSecuredCallback_t callback)
 
virtual void onSecurityContextStored (HandleSpecificEvent_t callback)
 
virtual void onPasskeyDisplay (PasskeyDisplayCallback_t callback)
 
void processSecuritySetupInitiatedEvent (ble::connection_handle_t connectionHandle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps)
 
void processSecuritySetupCompletedEvent (ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t status)
 
void processLinkSecuredEvent (ble::connection_handle_t connectionHandle, SecurityMode_t securityMode)
 
void processSecurityContextStoredEvent (ble::connection_handle_t connectionHandle)
 
void processPasskeyDisplayEvent (ble::connection_handle_t connectionHandle, const Passkey_t passkey)
 

Static Public Attributes

static const unsigned PASSKEY_LEN = 6
 Declaration of type containing a passkey to be used during pairing. More...
 

Detailed Description

Overview.

Security Manager is used to provide link security through encryption, signing and authentication which are made possible by pairing and optionally bonding. Pairing is the process of establishing and/or exchanging keys used for the current connection. Bonding means saving this information so that it can later be used after reconnecting without having to pair again. This saves time and power.

Paring

There are several ways to provide different levels of security during pairing depending on your requirements and the facilities provided by the application. The process starts with initialising the SecurityManager with default options for new connections. Some settings can later be changed per link or globally.

The important settings in the init() function are the MITM requirement and IO capabilities. Man in the Middle (MITM) protection prevents an attack where one device can impersonate another device by pairing with both devices at the same time. This protection is achieved by sharing some information between the devices through some independent channel. The IO capabilities of both devices dictate what algorithm is used. For details

See also
BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H - 2.3.5.1. You can change the IO capabilities after initialisation with setIoCapability(). This will take effect for all subsequent pairings.
Out of Band data used in pairing

Sharing this information through IO capabilities means user interaction which limits the degree of protection due to the limit of the amount of data that we can expect the user to transfer. Another solution is using OOB (out of band) communication to transfer this data instead which can send much more data making MITM attack even less likely to succeed. OOB data has to be exchanged by the application and provided to the Security Manager. Use setOOBDataUsage() to indicate you want to use it. The same call also allows you to set whether or not the communication channel you are using to transmit the OOB data is itself secure against MITM protection - this will set the level of the link security achieved using pairing that uses this data.

The most secure pairing is provided by Secure Connections which relies on Elliptical Curve Cryptography. Support for Secure Connections is dependent on both the stack and controller on both sides supporting it. If either side doesn't support it Legacy Pairing will be used. This is an older standard of pairing. If higher security is required legacy pairing can be disabled by calling allowLegacyPairing(false);

Signing

Applications may require a level of security providing confidence that data transfers are coming from a trusted source. This can be achieved by encrypting the link which also provides added confidentiality. Encryption is a good choice when a device stays connected but introduces latency due to the need of encrypting the link if the device only connects periodically to transfer data. If confidentiality is not required data GATT server may allow writes to happen over an unencrypted link but authenticated by a signature present in each packet. This signature relies on having sent a signing key to the peer during pairing prior to sending any signed packets.

Persistence of Security information

Security Manager stores all the data required for its operation on active links. Depending on resources available on the device it will also attempt to store data for disconnected devices which have bonded to be reused when reconnected.

If the application has initialised a filesystem and the Security Manager has been provided with a filepath during the init() call it may also provide data persistence across resets. This must be enabled by calling preserveBondingStateOnReset(). Persistence is not guaranteed and may fail if abnormally terminated. The Security Manager may also fall back to a non-persistent implementation if the resources are too limited.

How to use

First thing you need to do is to initialise the manager by calling init() with your chosen settings.

The SecurityManager communicates with your application through events. These will trigger calls in the EventHandler which you must provide by calling the setSecurityManagerEventHandler() function.

The most important process is pairing. This may be triggered manually by calling requestPairing() or may be called as a result of the application requiring encryption by calling setLinkEncryption() or as a result of the application requiring MITM protection through requestAuthentication().

All these can be implicitly called by using setLinkSecurity() to conveniently set the required security for the link. The SecurityManager will trigger all the process required to achieve the set security level. Security level can only be escalated. Asking the Security Manager for a lower security level than the existing one will not fail but will result in a event informing the application through linkEncryptionResult() of the current level (which remains unchanged).

Depending on the IO capabilities and OOB usage settings different pairing algorithms will be chosen. They will produce appropriate events which must be handled by your EventHandler. If your event handler doesn't support all the calls you must not set IO capabilities or set OOB usage in such a way that would trigger them or else the pairing will fail (usually by timing out).

The simplest example is a pairing of a device with no IO capabilities and no OOB data available. With such limited pairing capabilities the "just works" method will be employed. This does not provide any MITM protection. The pairing (triggered implicitly or called explicitly) will result in an event being generated on the peer calling pairingRequest(). The event handler must make a decision (either in the application itself or based on user interaction) whether to accept the pairing and call accetPairing() or cancelPairing(). The result will be communicated on both peers through an event calling pairingResult() in the EventHandler.

Sequence diagrams

Sequence diagram "Just Works" pairing

*  /----------- Device 1 --------------\  *------ BLE link ------*  /-------------- Device 2 -------------\
*
* App  EventHandler              SecurityManager              SecurityManager           EventHandler     App
*  |        |                          |                            |                        |            |
*  |---------------------------> requestPairing()                   |                        |            |
*  |        |                          |------[pairing start]------>|                        |            |
*  |        |                          |                            |----------------> pairingRequest() ->|
*  |        |                          |                        acceptPairing() <------------------------ |
*  |        |                          |<---[pairing complete]----->|                        |            |
*  |<- pairingResult() <---------------|                            |----------------> pairingResult() -->|
*  |        |                          |                            |                        |            |
* 
Note
the requestPairing() call isn't required to trigger pairing. Pairing will also be triggered if you request encryption and authentication and no bonding information is available. The sequence will be the same save for the lack of explicit requestPairing() call.

Sequence diagram Encryption request when bonding information is available

*  /----------- Device 1 --------------\  *------ BLE link ------*  /-------------- Device 2 -------------\
*
* App  EventHandler              SecurityManager              SecurityManager           EventHandler     App
*  |       |                           |                            |                        |            |
*  |---------------------------> setLinkEncryption()                |                        |            |
*  |       |                           |<-[encryption established]->|                        |            |
*  |<- linkEncryptionResult() <--------|                            |---------> linkEncryptionResult() -->|
*  |       |                           |                            |                        |            |
* 
Note
if bonding information is not available, pairing will be triggered

Sequence diagram for Secure Connections passkey entry pairing with one device having a display only and other a keyboard

*  /----------- Device 1 (keyboard) ---\  *------ BLE link ------*  /-------------- Device 2 (display) ---\
*
* App  EventHandler              SecurityManager              SecurityManager           EventHandler     App
*  |        |                          |                            |                        |            |
*  |---------------------------> requestPairing()                   |                        |            |
*  |        |                          |------[pairing start]------>|                        |            |
*  |        |                          |                            |----------------> pairingRequest() ->|
*  |        |                          |                        acceptPairing() <------------------------ |
*  |        |                          |<---[secure con. pairing]-->|                        |            |
*  |<- passkeyRequest() <--------------|                            |----------------> passkeyDisplay() ->|
*  |        |                          |                            |                        |            |
*
*                       user reads the passkey on Device 2 and inputs it on Device 1
*
*  |        |                          |                            |                        |            |
*  |-------------------------->passkeyEntered()                     |                        |            |
*  |        |                          |<---[pairing complete]----->|                        |            |
*  |<- pairingResult() <---------------|                            |----------------> pairingResult() -->|
*  |        |                          |                            |                        |            |
* 

Definition at line 180 of file SecurityManager.h.

Member Typedef Documentation

typedef uint8_t Passkey_t[PASSKEY_LEN]

6-digit passkey in ASCII ('0'-'9' digits only).

Definition at line 246 of file SecurityManager.h.

Member Enumeration Documentation

enum Keypress_t

events sent and received when passkey is being entered

Enumerator
KEYPRESS_STARTED 

Passkey entry started.

KEYPRESS_ENTERED 

Passkey digit entered.

KEYPRESS_ERASED 

Passkey digit erased.

KEYPRESS_CLEARED 

Passkey cleared.

KEYPRESS_COMPLETED 

Passkey entry completed.

Definition at line 183 of file SecurityManager.h.

Defines possible security status or states.

Defines possible security status or states of a link when requested by getLinkSecurity().

Enumerator
NOT_ENCRYPTED 

The link is not secured.

ENCRYPTION_IN_PROGRESS 

Link security is being established.

ENCRYPTED 

The link is secure.

Definition at line 206 of file SecurityManager.h.

Result of security requests.

Enumerator
SEC_STATUS_SUCCESS 

Procedure completed with success.

SEC_STATUS_TIMEOUT 

Procedure timed out.

SEC_STATUS_PDU_INVALID 

Invalid PDU received.

SEC_STATUS_PASSKEY_ENTRY_FAILED 

Passkey entry failed (user cancelled or other).

SEC_STATUS_OOB_NOT_AVAILABLE 

Out of Band Key not available.

SEC_STATUS_AUTH_REQ 

Authentication requirements not met.

SEC_STATUS_CONFIRM_VALUE 

Confirm value failed.

SEC_STATUS_PAIRING_NOT_SUPP 

Pairing not supported.

SEC_STATUS_ENC_KEY_SIZE 

Encryption key size.

SEC_STATUS_SMP_CMD_UNSUPPORTED 

Unsupported SMP command.

SEC_STATUS_UNSPECIFIED 

Unspecified reason.

SEC_STATUS_REPEATED_ATTEMPTS 

Too little time elapsed since last attempt.

SEC_STATUS_INVALID_PARAMS 

Invalid parameters.

SEC_STATUS_DHKEY_CHECK_FAILED 

DHKey received doesn’t match locally calculated one.

SEC_STATUS_COMPARISON_FAILED 

Values in the numeric comparison protocol do not match.

Definition at line 222 of file SecurityManager.h.

Input/output capability of the device and application.

Enumerator
IO_CAPS_DISPLAY_ONLY 

Display only.

IO_CAPS_DISPLAY_YESNO 

Display and yes/no entry.

IO_CAPS_KEYBOARD_ONLY 

Keyboard only.

IO_CAPS_NONE 

No I/O capabilities.

IO_CAPS_KEYBOARD_DISPLAY 

Keyboard and display.

Definition at line 213 of file SecurityManager.h.

level of security required from the link by the application

Enumerator
SECURITY_MODE_ENCRYPTION_OPEN_LINK 

Require no protection, open link.

SECURITY_MODE_ENCRYPTION_NO_MITM 

Require encryption, but no MITM protection.

SECURITY_MODE_ENCRYPTION_WITH_MITM 

Require encryption and MITM protection.

SECURITY_MODE_SIGNED_NO_MITM 

Require signing or encryption, but no MITM protection.

SECURITY_MODE_SIGNED_WITH_MITM 

Require signing or encryption, and MITM protection.

Definition at line 192 of file SecurityManager.h.

Member Function Documentation

virtual ble_error_t acceptPairingRequest ( ble::connection_handle_t  connectionHandle)
virtual

Accept the pairing request.

Called as a result of pairingRequest being called on the event handler.

Parameters
[in]connectionHandleHandle to identify the connection.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 573 of file SecurityManager.h.

virtual ble_error_t allowLegacyPairing ( bool  allow = true)
virtual

Allow of disallow the use of legacy pairing in case the application only wants to force the use of Secure Connections.

If legacy pairing is disallowed and either side doesn't support Secure Connections the pairing will fail.

Parameters
[out]allowIf true legacy pairing will be used if either side doesn't support Secure Connections.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 617 of file SecurityManager.h.

virtual ble_error_t cancelPairingRequest ( ble::connection_handle_t  connectionHandle)
virtual

Reject pairing request if the local device is the slave or cancel an outstanding pairing request if master.

Parameters
[in]connectionHandleHandle to identify the connection.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 585 of file SecurityManager.h.

virtual ble_error_t confirmationEntered ( ble::connection_handle_t  connectionHandle,
bool  confirmation 
)
virtual

Report to the stack if the passkey matches or not.

Used during pairing to provide MITM protection.

Parameters
[in]connectionHandleHandle to identify the connection.
[in]confirmationTrue value indicates the passkey displayed matches.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 842 of file SecurityManager.h.

virtual ble_error_t enableSigning ( ble::connection_handle_t  connectionHandle,
bool  enabled = true 
)
virtual

Request generation and exchange of signing keys so that packet signing can be utilised on this connection.

Note
This does not generate a signingKey event. Use getSigningKey for that.
Parameters
[in]connectionHandleHandle to identify the connection.
[in]enabledIf set to true, signing keys will be exchanged during subsequent pairing.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 701 of file SecurityManager.h.

virtual ble_error_t generateOOB ( const ble::address_t address)
virtual

Generate OOB data with the given address.

If Secure Connections is supported this will also generate Secure Connections OOB data on top of legacy pairing OOB data. This can be used to generate such data before the connection takes place.

In this model the OOB exchange takes place before the devices connect. Devices should establish communication over another channel and exchange the OOB data. The address provided will be used by the peer to associate the received data with the address of the device it will then connect to over BLE.

Parameters
[in]addressThe local address you will use in the connection using this OOB data. This address will be returned along with the rest of the OOB data when generation is complete. Using an invalid address is illegal.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 798 of file SecurityManager.h.

virtual ble_error_t generateWhitelistFromBondTable ( Gap::Whitelist_t whitelist) const
virtual

Create a list of addresses from all peers in the bond table and generate an event which returns it as a whitelist.

Pass in the container for the whitelist. This will be returned by the event.

Parameters
[in]whitelistPreallocated whitelist which will be filled up to its capacity. If whitelist already contains entries this will be appended to. Do not access the whitelist until callback has been called, returning the filled whitelist.
Return values
BLE_ERROR_NONEOn success, else an error code indicating reason for failure

Definition at line 546 of file SecurityManager.h.

virtual ble_error_t getAddressesFromBondTable ( Gap::Whitelist_t addresses) const
virtual
Deprecated:
use generateWhitelistFromBondTable instead

Get a list of addresses from all peers in the bond table.

Parameters
[in,out]addresses(on input) addresses.capacity contains the maximum number of addresses to be returned. (on output) The populated table with copies of the addresses in the implementation's whitelist.
Return values
BLE_ERROR_NONEOn success, else an error code indicating reason for failure.
BLE_ERROR_INVALID_STATEIf the API is called without module initialization or application registration.

Definition at line 997 of file SecurityManager.h.

virtual ble_error_t getLinkEncryption ( ble::connection_handle_t  connectionHandle,
ble::link_encryption_t encryption 
)
virtual

Current state of encryption on the link.

Parameters
[in]connectionHandleHandle to identify the connection.
[out]encryption
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 729 of file SecurityManager.h.

ble_error_t getLinkSecurity ( ble::connection_handle_t  connectionHandle,
LinkSecurityStatus_t securityStatus 
)
Deprecated:

Get the security status of a connection.

Parameters
[in]connectionHandleHandle to identify the connection.
[out]securityStatusSecurity status.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 1013 of file SecurityManager.h.

virtual ble_error_t getSecureConnectionsSupport ( bool *  enabled)
virtual

Check if the Secure Connections feature is supported by the stack and controller.

Parameters
[out]enabledtrue if SC are supported
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 628 of file SecurityManager.h.

virtual ble_error_t getSigningKey ( ble::connection_handle_t  connectionHandle,
bool  authenticated 
)
virtual

Retrieves a signing key through a signingKey event.

If a signing key is not present, pairing/authentication will be attempted.

Note
This will attempt to retrieve the key even if enableSigning hasn't been called prior to pairing.
Parameters
[in]connectionHandleHandle to identify the connection.
[in]authenticatedWhether the signing key needs to be authenticated (provide MITM protection).
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 919 of file SecurityManager.h.

virtual ble_error_t init ( bool  enableBonding = true,
bool  requireMITM = true,
SecurityIOCapabilities_t  iocaps = IO_CAPS_NONE,
const Passkey_t  passkey = NULL,
bool  signing = true,
const char *  dbFilepath = NULL 
)
virtual

Enable the BLE stack's Security Manager.

The Security Manager implements the actual cryptographic algorithms and protocol exchanges that allow two devices to securely exchange data and privately detect each other. Calling this API is a prerequisite for encryption and pairing (bonding).

Parameters
[in]enableBondingAllow for bonding.
[in]requireMITMRequire protection for man-in-the-middle attacks.
[in]iocapsTo specify the I/O capabilities of this peripheral, such as availability of a display or keyboard, to support out-of-band exchanges of security data.
[in]passkeyTo specify a static passkey.
[in]signingGenerate and distribute signing key during pairing
[in]dbFilepathPath to the file used to store keys in the filesystem, if NULL keys will be only stored in memory
Returns
BLE_ERROR_NONE on success.

Definition at line 450 of file SecurityManager.h.

virtual ble_error_t legacyPairingOobReceived ( const ble::address_t address,
const ble::oob_tk_t tk 
)
virtual

Supply the stack with the OOB data for legacy connections.

Parameters
[in]addressaddress of the peer device this data comes from
[in]tkpointer to out of band data received containing the temporary key.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 882 of file SecurityManager.h.

virtual void onLinkSecured ( LinkSecuredCallback_t  callback)
virtual
Deprecated:

To indicate that the link with the peer is secured. For bonded devices, subsequent reconnections with a bonded peer will result only in this callback when the link is secured; setup procedures will not occur (unless the bonding information is either lost or deleted on either or both sides).

Definition at line 1068 of file SecurityManager.h.

virtual void onPasskeyDisplay ( PasskeyDisplayCallback_t  callback)
virtual
Deprecated:

To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability.

Definition at line 1085 of file SecurityManager.h.

virtual void onSecurityContextStored ( HandleSpecificEvent_t  callback)
virtual
Deprecated:

To indicate that device context is stored persistently.

Definition at line 1077 of file SecurityManager.h.

virtual void onSecuritySetupCompleted ( SecuritySetupCompletedCallback_t  callback)
virtual
Deprecated:

To indicate that the security procedure for the link has completed.

Definition at line 1056 of file SecurityManager.h.

virtual void onSecuritySetupInitiated ( SecuritySetupInitiatedCallback_t  callback)
virtual
Deprecated:

To indicate that a security procedure for the link has started.

Definition at line 1047 of file SecurityManager.h.

void onShutdown ( const SecurityManagerShutdownCallback_t callback)

Setup a callback to be invoked to notify the user application that the SecurityManager instance is about to shutdown (possibly as a result of a call to BLE::shutdown()).

Note
It is possible to chain together multiple onShutdown callbacks (potentially from different modules of an application) to be notified before the SecurityManager is shutdown.
It is also possible to set up a callback into a member function of some object.
It is possible to unregister a callback using onShutdown().detach(callback)

Definition at line 941 of file SecurityManager.h.

Provide access to the callchain of shutdown event callbacks.

It is possible to register callbacks using onShutdown().add(callback). It is possible to unregister callbacks using onShutdown().detach(callback).

Returns
The shutdown event callbacks chain

Definition at line 956 of file SecurityManager.h.

virtual ble_error_t oobReceived ( const ble::address_t address,
const ble::oob_lesc_value_t random,
const ble::oob_confirm_t confirm 
)
virtual

Supply the stack with the OOB data for secure connections.

Parameters
[in]addressaddress of the peer device this data comes from
[in]randomrandom number used to generate the confirmation
[in]confirmconfirmation value to be use for authentication in secure connections pairing
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 897 of file SecurityManager.h.

virtual ble_error_t passkeyEntered ( ble::connection_handle_t  connectionHandle,
Passkey_t  passkey 
)
virtual

Supply the stack with the user entered passkey.

Parameters
[in]connectionHandleHandle to identify the connection.
[in]passkeyASCII string of digits entered by the user.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 855 of file SecurityManager.h.

virtual ble_error_t preserveBondingStateOnReset ( bool  enable)
virtual

Normally all bonding information is lost when device is reset, this requests that the stack attempts to save the information and reload it during initialisation.

This is not guaranteed.

Parameters
[in]enableif true the stack will attempt to preserve bonding information on reset.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 511 of file SecurityManager.h.

void processLinkSecuredEvent ( ble::connection_handle_t  connectionHandle,
SecurityMode_t  securityMode 
)
Deprecated:

Definition at line 1102 of file SecurityManager.h.

void processPasskeyDisplayEvent ( ble::connection_handle_t  connectionHandle,
const Passkey_t  passkey 
)
Deprecated:

Definition at line 1116 of file SecurityManager.h.

void processSecurityContextStoredEvent ( ble::connection_handle_t  connectionHandle)
Deprecated:

Definition at line 1110 of file SecurityManager.h.

void processSecuritySetupCompletedEvent ( ble::connection_handle_t  connectionHandle,
SecurityCompletionStatus_t  status 
)
Deprecated:

Definition at line 1098 of file SecurityManager.h.

void processSecuritySetupInitiatedEvent ( ble::connection_handle_t  connectionHandle,
bool  allowBonding,
bool  requireMITM,
SecurityIOCapabilities_t  iocaps 
)
Deprecated:

Definition at line 1092 of file SecurityManager.h.

virtual ble_error_t purgeAllBondingState ( void  )
virtual

Delete all peer device context and all related bonding information from the database within the security manager.

Return values
BLE_ERROR_NONEOn success, else an error code indicating reason for failure.
BLE_ERROR_INVALID_STATEIf the API is called without module initialization or application registration.

Definition at line 530 of file SecurityManager.h.

virtual ble_error_t requestAuthentication ( ble::connection_handle_t  connectionHandle)
virtual

Request that the link be authenticated (keys with MITM protection).

This might trigger encryption or pairing/re-pairing. The success will be indicated through an event indicating security level change.

Parameters
[in]connectionHandleHandle to identify the connection.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 774 of file SecurityManager.h.

virtual ble_error_t requestPairing ( ble::connection_handle_t  connectionHandle)
virtual

Request pairing with the peer.

Called by the master.

Note
Slave can call requestAuthentication or setLinkEncryption to achieve security.
Parameters
[in]connectionHandleHandle to identify the connection.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 561 of file SecurityManager.h.

virtual ble_error_t reset ( void  )
virtual

Notify all registered onShutdown callbacks that the SecurityManager is about to be shutdown and clear all SecurityManager state of the associated object.

This function is meant to be overridden in the platform-specific sub-class. Nevertheless, the sub-class is only expected to reset its state and not the data held in SecurityManager members. This shall be achieved by a call to SecurityManager::reset() from the sub-class' reset() implementation.

Returns
BLE_ERROR_NONE on success.

Definition at line 495 of file SecurityManager.h.

virtual ble_error_t sendKeypressNotification ( ble::connection_handle_t  connectionHandle,
Keypress_t  keypress 
)
virtual

Send a notification to the peer that the user pressed a key on the local device.

Note
This will only be delivered if the keypress notifications have been enabled during pairing.
Parameters
[in]connectionHandleHandle to identify the connection.
[in]keypressType of keypress event.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 869 of file SecurityManager.h.

virtual ble_error_t setDatabaseFilepath ( const char *  dbFilepath = NULL)
virtual

Change the file used for the security database.

If path is invalid or a NULL is passed keys will only be stored in memory.

Note
This operation is only allowed with no active connections.
Parameters
[in]dbFilepathPath to the file used to store keys in the filesystem, if NULL keys will be only stored in memory
Returns
BLE_ERROR_NONE on success.

Definition at line 477 of file SecurityManager.h.

virtual ble_error_t setDisplayPasskey ( const Passkey_t  passkey)
virtual

Set the passkey that is displayed on the local device instead of using a randomly generated one.

Parameters
[in]passkeyASCII string of 6 digits
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 655 of file SecurityManager.h.

virtual ble_error_t setEncryptionKeyRequirements ( uint8_t  minimumByteSize,
uint8_t  maximumByteSize 
)
virtual

Set the requirements for encryption key size.

If the peer cannot comply with the requirements paring will fail.

Parameters
[in]minimumByteSizeSmallest allowed encryption key size in bytes. (no smaller than 7)
[in]maximumByteSizeLargest allowed encryption key size in bytes. (no larger than 16)
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 757 of file SecurityManager.h.

virtual ble_error_t setHintFutureRoleReversal ( bool  enable = true)
virtual

Give a hint to the stack that the master/slave role might change in the future.

Parameters
[in]enableIf set to true it hints the roles are likely to swap in the future.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 713 of file SecurityManager.h.

virtual ble_error_t setIoCapability ( SecurityIOCapabilities_t  iocaps)
virtual

Set the IO capability of the local device.

Parameters
[in]iocapstype of IO capabilities available on the local device
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 643 of file SecurityManager.h.

virtual ble_error_t setKeypressNotification ( bool  enabled = true)
virtual

Set whether or not we want to send and receive keypress notifications during passkey entry.

Parameters
[in]enabledif true pairing will try to enable keypress notifications (dependent on other side supporting it)
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 686 of file SecurityManager.h.

virtual ble_error_t setLinkEncryption ( ble::connection_handle_t  connectionHandle,
ble::link_encryption_t  encryption 
)
virtual

Enabled or disable encryption on the link.

The result of this request will be indicated by a call to linkEncryptionResult in the event handler when the action is completed.

Parameters
[in]connectionHandleHandle to identify the connection.
[in]encryptionencryption state requested
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 743 of file SecurityManager.h.

virtual ble_error_t setLinkSecurity ( ble::connection_handle_t  connectionHandle,
SecurityMode_t  securityMode 
)
virtual

Set the security mode on a connection.

Useful for elevating the security mode once certain conditions are met, e.g., a particular service is found.

Parameters
[in]connectionHandleHandle to identify the connection.
[in]securityModeRequested security mode.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 669 of file SecurityManager.h.

virtual ble_error_t setOOBDataUsage ( ble::connection_handle_t  connectionHandle,
bool  useOOB,
bool  OOBProvidesMITM = true 
)
virtual

Enable OOB data usage during paring.

If Secure Connections is supported enabling useOOB will generate Secure Connections OOB data through oobGenerated() on top of legacy pairing OOB data.

You do not have to call this function to return received OOB data. Use legacyPairingOobReceived or oobReceived to hand it in. This will allow the stack to use it if possible. You only need to call this function to attempt legacy OOB data exchange after pairing start and to inform the stack OOB data does not provide MITM protection (by default it is set to provide this).

In this model the OOB exchange takes places after the devices have connected but possibly prior to pairing. For secure connections pairing must not be started until after the OOB data has been sent and/or received. The address in the OOB data generated will match the original address used to establish the connection and will be used by the peer to identify which connection the OOB data belongs to.

Parameters
[in]connectionHandleHandle to identify the connection.
[in]useOOBIf set to true, authenticate using OOB data.
[in]OOBProvidesMITMIf set to true keys exchanged during pairing using OOB data will provide Man-in-the-Middle protection. This indicates that the form of exchange used by the OOB data itself provides MITM protection.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 827 of file SecurityManager.h.

virtual ble_error_t setPairingRequestAuthorisation ( bool  required = true)
virtual

Tell the stack whether the application needs to authorise pairing requests or should they be automatically accepted.

Parameters
[in]requiredIf set to true, pairingRequest in the event handler will will be called and will require an action from the application to continue with pairing by calling acceptPairingRequest or cancelPairingRequest if the user wishes to reject it.
Returns
BLE_ERROR_NONE or appropriate error code indicating the failure reason.

Definition at line 600 of file SecurityManager.h.

virtual void setSecurityManagerEventHandler ( EventHandler handler)
virtual

Assign the event handler implementation that will be used by the stack to signal events back to the application.

Parameters
[in]handlerEvent Handler interface implementation.

Definition at line 966 of file SecurityManager.h.

Field Documentation

const unsigned PASSKEY_LEN = 6
static

Declaration of type containing a passkey to be used during pairing.

This is passed into initializeSecurity() to specify a pre-programmed passkey for authentication instead of generating a random one.

Definition at line 245 of file SecurityManager.h.

Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.